Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Launches Vulnerability Management Tool


Recent developments in the cybersecurity landscape highlight significant vulnerabilities and responses that could impact millions of users and organizations. This week, notable incidents include a critical flaw in phpBB, a supply chain attack affecting WordPress sites, and the unveiling of AWS’s new vulnerability management tool. These events underscore the ongoing challenges in cybersecurity, emphasizing the need for vigilance and proactive measures.

phpBB Vulnerability Exposes User Sessions

A critical authentication bypass vulnerability has been discovered in phpBB versions up to 3.3.16 and 4.0.0-a2. This flaw allows an unauthenticated HTTP request to impersonate any user, including administrators, thereby exposing private messages and forum content. Researchers have advised phpBB users to upgrade to version 3.3.17 or the latest master branch immediately. Despite a patch being issued shortly after the vulnerability was reported via HackerOne, thousands of active forums remain at risk.

Velvet Ant’s Stealthy Operations in Critical Infrastructure

The cyber espionage group known as Velvet Ant, believed to be linked to Chinese interests, has maintained a covert presence within air-gapped critical infrastructure networks since approximately 2016. The group utilized a combination of internet-facing footholds, Nginx/FastCGI proxies, and backdoored PAM/OpenSSH components to facilitate credential theft and persistent access. Their operations included deploying variants of GS-Netcat and SOCKS5 proxies, as well as multiple backdoors across various hosts. The complexity of remediation efforts has posed significant challenges for affected organizations.

Chrome Extensions Put Millions at Risk

Critical vulnerabilities in the SiderAI (Spyder) and MaxAI (MaXSS) Chrome extensions have put over 10 million users at risk. These flaws allow malicious websites to execute arbitrary actions within the extensions, including taking hidden screenshots and accessing sensitive data. With no response from the vendors, users are advised to remove these extensions until a fix is implemented. The potential for full browser session compromise and account takeovers without user interaction raises serious concerns about the security of widely used browser extensions.

AWS Introduces Continuum for Vulnerability Management

In response to the growing need for effective vulnerability management, AWS has launched a new AI-powered tool called Continuum. This tool is designed to assist organizations in discovering, prioritizing, validating, and resolving vulnerabilities. Currently available in gated preview, Continuum integrates findings from existing tools and its own scanning capabilities, prioritizing vulnerabilities based on their exploitability within the user’s specific environment.

Supply Chain Attack Compromises 1.2 Million WordPress Sites

A significant supply chain attack has affected over 1.2 million WordPress sites through the OptinMonster plugin. Attackers injected malicious JavaScript into the plugin’s CDN scripts, activating for logged-in administrators and creating rogue accounts and hidden backdoors. The breach originated from a compromised UpdraftPlus instance and CDN key, highlighting the vulnerabilities inherent in supply chain dependencies.

FTC Reports Soaring Imposter Scam Losses

The Federal Trade Commission (FTC) has reported that imposter scams have become the most prevalent form of fraud in the United States, costing consumers approximately $3.5 billion in 2025. This figure represents a nearly threefold increase since 2020, driven largely by bank and government impersonation schemes. The FTC continues to enforce its Impersonation Rule while promoting public awareness campaigns to combat these fraudulent activities.

DOT Concludes Investigation into Delta’s Response to CrowdStrike Outage

The U.S. Department of Transportation has concluded its investigation into Delta Air Lines’ response to a significant outage caused by CrowdStrike in 2024. The investigation found that Delta provided adequate support to affected passengers, including refunds and assistance for individuals with disabilities. This outcome aligns with the current administration’s approach to consumer protection enforcement, moving away from stricter measures implemented during previous administrations.

Malicious Plugins Target JetBrains Marketplace Users

At least 15 malicious plugins available on the JetBrains Marketplace have been found to exfiltrate API keys from developers. These plugins, masquerading as AI coding assistants, have accumulated nearly 70,000 installs while performing their advertised functions. The stolen keys are transmitted in plaintext to a hardcoded server controlled by attackers, raising significant concerns about the security of third-party plugins in development environments.

Apple Addresses Beats Firmware Vulnerability

Apple has released a firmware update for Beats Studio Buds, addressing a critical vulnerability that allowed unauthorized access to the microphone on unpaired devices. The update, version 1B211, resolves CVE-2025-20701, which posed a risk to user privacy. The firmware updates automatically when paired with Apple devices, ensuring that users benefit from enhanced security measures.

Popa Botnet Linked to Israeli Proxy Provider

Researchers have identified the Popa Android TV box botnet as being connected to NetNut, a service operated by Israeli company Alarum Technologies. This botnet has been utilized for residential proxy traffic in ad fraud and data scraping operations, raising concerns about local network exposure. The allegations have been disputed by NetNut and Alarum, who claim that the assertions are inaccurate and based on flawed deductions.

GCP Config Connector Vulnerability

A vulnerability in Google Cloud Platform’s Config Connector has been discovered, allowing any Kubernetes namespace user to escalate their privileges to GCP Organization Owner by submitting a malicious IAMPolicyMember. Google initially classified the issue as a high priority but later deemed it “working as intended,” leaving it unpatched. This vulnerability poses risks for organizations utilizing the service for organization-level management.

ShinyHunters Breach Exposes Sensitive Data

The hacking group ShinyHunters has leaked sensitive data from Madison Square Garden, including personal information related to Knicks players, coaches, and celebrities. This data dump follows a breach that occurred on June 5, further highlighting the ongoing threat posed by cybercriminals who leverage public leaks to exert pressure on organizations.

For further insights into the evolving cybersecurity landscape, visit SecurityWeek.
